Facebook Instagram Youtube
Book a call →
Book a call →

Privacy and personal data protection policy

Service provider: Mentalni Trening j.d.o.o.

1. Introduction and purpose of the document

Mentalni Trening j.d.o.o. (hereinafter: “we”, “us”, “our company”) is committed to protecting the privacy of all persons who use our services, visit our websites or contact us in any way.

This Privacy Policy describes what personal data we collect, why we collect it, how we use it, with whom we share it, how long we keep it, and what rights you have regarding your personal data.

The processing of personal data is carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation – GDPR) and the Act on the Implementation of the General Data Protection Regulation (OG 42/2018).

2. Data about the controller

Company name: Mentalni Trening j.d.o.o.
Office address: Gorjanska 29, 4th floor, 10000 Zagreb, Croatia
OIB: 78167429326
Email: [email protected]
Phone +385 95 876 0949

For all questions regarding the processing of personal data, you can contact us at the contacts listed above.

3. What personal data do we collect?

3.1 Information you provide to us

When you contact us via web form, email, phone or in person, we may collect:

  • Full name
  • Email address
  • Phone number
  • Name of club, organization or institution (if applicable)
  • The sport you follow or play
  • The content of the message or query you send us
  • Information you voluntarily share as part of providing services (e.g. sports goals, previous experiences)

3.2 Data collected automatically

When you visit our website, certain technical data may be automatically recorded:

  • Device IP address
  • Internet browser type and version
  • Date and time of visit
  • Pages you visited and duration of visit
  • Pages you visited and duration of visit

3.3 Special categories of data

As part of the provision of psychological and mental health services, we may process data relating to the psychological state or mental health of the user. This data is classified as special categories of personal data within the meaning of Article 9 of the GDPR and we process it solely on the basis of the user’s explicit consent, for the purposes of providing the contracted services, applying the highest level of protection and discretion.

4. Legal basis and purpose of processing

We only process your personal data when there is a legal basis for doing so. Depending on the situation, we apply the following legal bases:

4.1 Performance of the contract (Art. 6, para. 1, point b) GDPR)

We process your data when necessary to provide our services – individual sessions, group workshops, education and all forms of mental preparation that we conduct.

4.2 Subpoena (Art. 6. para. 1. point a) GDPR-a)

For certain processing operations (newsletter, marketing communication, special categories of data), we process data solely on the basis of your free, informed and explicit consent. You can withdraw your consent at any time without any negative consequences for the use of our services.

4.3 Legitimate interest (Art. 6, para. 1, point f) GDPR)

In certain cases, we process data based on the legitimate interest of our company—for example, to improve our services, ensure website security, or communicate with potential clients who have contacted us directly.

4.4 Legal Obligation (Art. 6(1)(c) GDPR)

We process certain data because we are required to do so by applicable regulations (accounting, taxes, etc.).

5. Rights and obligations of service providers

5. Sharing personal data with third parties

We do not sell or share your personal information with third parties for commercial purposes. We may share your information only in the following cases:

  • To processors who provide us with technical services (hosting, email services, analytics) – exclusively on the basis of a contract that guarantees adequate data protection
  • To competent authorities (police, courts, tax authorities) when we are legally obliged to do so
  • To persons to whom you have explicitly granted access (e.g. collaborating psychologists or trainers within the framework of team collaboration – with your consent)

All processors with whom we cooperate by contract are obliged to maintain data confidentiality and implement appropriate technical and organizational protection measures.

6. Data transfer outside the European Union

In principle, we do not transfer your personal data to third countries outside the European Union or the European Economic Area. If such a transfer does occur (e.g. through the use of certain cloud services), we will ensure appropriate safeguards in accordance with the GDPR (standard contractual clauses or transfers to countries with an adequate level of protection according to a decision of the European Commission).

7. Data retention period

We only keep your personal data for as long as necessary to fulfill the purpose for which it was collected:

  • Data from contact forms and correspondence: up to 2 years from the last contact, or longer if a business relationship develops
  • Data of clients with whom there is a contractual relationship: 5 years from the termination of the contractual relationship (accounting obligation)
  • Data on sessions and client progress: until consent is withdrawn or cooperation ends, and for a maximum of 5 years
  • Newsletter subscribers: until unsubscribed
  • Cookies: according to the duration defined in the Cookie Policy

After the retention period expires, we delete or anonymize the data in a secure manner.

8. Your rights as a data subject

Under the GDPR, you have the following rights regarding your personal data:

– Right to access (Art. 15 GDPR) – you have the right to request confirmation as to whether we are processing your personal data and to obtain a copy of that data.
– Right to rectification (Art. 16 GDPR) – you have the right to request the rectification of inaccurate or incomplete data.
– Right to erasure (Art. 17 GDPR) – you have the right to request the erasure of your data (“right to be forgotten”), where there are legal requirements.
– Right to restriction of processing (Art. 18 GDPR) – you have the right to request that we temporarily restrict the processing of your data.
– Right to data portability (Art. 20 GDPR) – you have the right to receive your data in a structured, machine-readable format.
– Right to object (Art. 21 GDPR) – you have the right to object to processing based on legitimate interest.
– Right to withdraw consent – ​​when processing is based on consent, you can withdraw it at any time, without affecting the lawfulness of previous processing.

You can send requests for exercising your rights to: [email protected]

We will respond within 30 days of receiving your request. If we believe the request is complex or numerous, we may extend the deadline for an additional 60 days, with notice.

You have the right to file a complaint with the supervisory authority: Agency for Personal Data Protection (AZOP), Selska cesta 136, 10000 Zagreb, www.azop.hr

9. Cookies

Our website uses cookies to function properly and improve your user experience. Cookies are small text files that are stored on your device.

Types of cookies we use:

  • Necessary cookies – necessary for the website to function; they cannot be turned off
  • Analytical cookies – help us understand how visitors use the site (e.g. Google Analytics); they are activated only with your consent
  • Marketing cookies – used to display relevant ads; activated only with your consent

You can change your cookie settings at any time through your internet browser settings or through the cookie manager on our website.

10. Data security

We implement appropriate technical and organizational security measures to ensure the confidentiality, integrity and availability of your personal data, including:

  • SSL/TLS encryption for data transmission
  • Access control – data is available only to authorized persons
  • Regular security checks and system updates
  • Obligation of employees and associates to confidentiality

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of data subjects, the competent supervisory authority will be notified within 72 hours, and the affected data subjects without undue delay.

Google reCAPTCHA

To protect forms from spam and abuse, this website uses the Google reCAPTCHA service. Use of the reCAPTCHA system is subject to Google’s Privacy Policy and Terms of Service.

reCAPTCHA analyzes various user information (e.g., IP address, on-page behavior, and browser technical data) to determine whether it is a real person or an automated system. This data processing is based on the legitimate interest of the data controller to protect the website and forms from abuse.

More information is available at the following links:

Google Privacy Policy: https://policies.google.com/privacy
Google Terms of Service: https://policies.google.com/terms

11. Changes to the Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legislation or technology. The date of the last update is always visible at the top of the document. By continuing to use our services or website after the posting of changes, you agree to the updated Policy.

In the event of significant changes that affect your rights, we will notify you directly (by email or notice on the website).

12. Contact

For any questions, requests or complaints regarding the processing of your personal data, please contact us:

Email: [email protected]
Phone: +385 95 876 0949
Address: Ratarska 35, 10000 Zagreb, Croatia